CVE - CVE-2006-4339

CVE-ID
CVE-2006-4339	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1000148 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1~~ (Obsolete source) MISC:1016791 URL:http://securitytracker.com/id?1016791 MISC:1017522 URL:http://securitytracker.com/id?1017522 MISC:102648 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1~~ (Obsolete source) MISC:102656 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1~~ (Obsolete source) MISC:102657 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1~~ (Obsolete source) MISC:102686 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1~~ (Obsolete source) MISC:102696 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1~~ (Obsolete source) MISC:102722 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1~~ (Obsolete source) MISC:102744 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1~~ (Obsolete source) MISC:102759 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1~~ (Obsolete source) MISC:19849 URL:http://www.securityfocus.com/bid/19849 MISC:20060901-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc MISC:20060905 rPSA-2006-0163-1 openssl openssl-scripts URL:http://www.securityfocus.com/archive/1/445231/100/0/threaded MISC:20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery URL:http://www.securityfocus.com/archive/1/445822/100/0/threaded MISC:20061108 Multiple Vulnerabilities in OpenSSL Library URL:http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html MISC:20061108 Multiple Vulnerabilities in OpenSSL library URL:http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml MISC:20070110 VMware ESX server security updates URL:http://www.securityfocus.com/archive/1/456546/100/200/threaded MISC:200708 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1~~ (Obsolete source) MISC:20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues URL:http://www.securityfocus.com/archive/1/489739/100/0/threaded MISC:201247 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1~~ (Obsolete source) MISC:201534 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1~~ (Obsolete source) MISC:21709 URL:http://secunia.com/advisories/21709 MISC:21767 URL:http://secunia.com/advisories/21767 MISC:21776 URL:http://secunia.com/advisories/21776 MISC:21778 URL:http://secunia.com/advisories/21778 MISC:21785 URL:http://secunia.com/advisories/21785 MISC:21791 URL:http://secunia.com/advisories/21791 MISC:21812 URL:http://secunia.com/advisories/21812 MISC:21823 URL:http://secunia.com/advisories/21823 MISC:21846 URL:http://secunia.com/advisories/21846 MISC:21852 URL:http://secunia.com/advisories/21852 MISC:21870 URL:http://secunia.com/advisories/21870 MISC:21873 URL:http://secunia.com/advisories/21873 MISC:21906 URL:http://secunia.com/advisories/21906 MISC:21927 URL:http://secunia.com/advisories/21927 MISC:21930 URL:http://secunia.com/advisories/21930 MISC:21982 URL:http://secunia.com/advisories/21982 MISC:22036 URL:http://secunia.com/advisories/22036 MISC:22044 URL:http://secunia.com/advisories/22044 MISC:22066 URL:http://secunia.com/advisories/22066 MISC:22083 URL:http://www.securityfocus.com/bid/22083 MISC:22161 URL:http://secunia.com/advisories/22161 MISC:22226 URL:http://secunia.com/advisories/22226 MISC:22232 URL:http://secunia.com/advisories/22232 MISC:22259 URL:http://secunia.com/advisories/22259 MISC:22260 URL:http://secunia.com/advisories/22260 MISC:22284 URL:http://secunia.com/advisories/22284 MISC:22325 URL:http://secunia.com/advisories/22325 MISC:22446 URL:http://secunia.com/advisories/22446 MISC:22509 URL:http://secunia.com/advisories/22509 MISC:22513 URL:http://secunia.com/advisories/22513 MISC:22523 URL:http://secunia.com/advisories/22523 MISC:22545 URL:http://secunia.com/advisories/22545 MISC:22585 URL:http://secunia.com/advisories/22585 MISC:22671 URL:http://secunia.com/advisories/22671 MISC:22689 URL:http://secunia.com/advisories/22689 MISC:22711 URL:http://secunia.com/advisories/22711 MISC:22733 URL:http://secunia.com/advisories/22733 MISC:22758 URL:http://secunia.com/advisories/22758 MISC:22799 URL:http://secunia.com/advisories/22799 MISC:22932 URL:http://secunia.com/advisories/22932 MISC:22934 URL:http://secunia.com/advisories/22934 MISC:22936 URL:http://secunia.com/advisories/22936 MISC:22937 URL:http://secunia.com/advisories/22937 MISC:22938 URL:http://secunia.com/advisories/22938 MISC:22939 URL:http://secunia.com/advisories/22939 MISC:22940 URL:http://secunia.com/advisories/22940 MISC:22948 URL:http://secunia.com/advisories/22948 MISC:22949 URL:http://secunia.com/advisories/22949 MISC:23155 URL:http://secunia.com/advisories/23155 MISC:23455 URL:http://secunia.com/advisories/23455 MISC:23680 URL:http://secunia.com/advisories/23680 MISC:23794 URL:http://secunia.com/advisories/23794 MISC:23841 URL:http://secunia.com/advisories/23841 MISC:23915 URL:http://secunia.com/advisories/23915 MISC:24099 URL:http://secunia.com/advisories/24099 MISC:24930 URL:http://secunia.com/advisories/24930 MISC:24950 URL:http://secunia.com/advisories/24950 MISC:25284 URL:http://secunia.com/advisories/25284 MISC:25399 URL:http://secunia.com/advisories/25399 MISC:25649 URL:http://secunia.com/advisories/25649 MISC:26329 URL:http://secunia.com/advisories/26329 MISC:26893 URL:http://secunia.com/advisories/26893 MISC:28115 URL:http://secunia.com/advisories/28115 MISC:28276 URL:http://www.securityfocus.com/bid/28276 MISC:28549 URL:~~http://www.osvdb.org/28549~~ (Obsolete source) MISC:31492 URL:http://secunia.com/advisories/31492 MISC:38567 URL:http://secunia.com/advisories/38567 MISC:38568 URL:http://secunia.com/advisories/38568 MISC:41818 URL:http://secunia.com/advisories/41818 MISC:60799 URL:http://secunia.com/advisories/60799 MISC:ADV-2006-3453 URL:~~http://www.vupen.com/english/advisories/2006/3453~~ (Obsolete source) MISC:ADV-2006-3566 URL:~~http://www.vupen.com/english/advisories/2006/3566~~ (Obsolete source) MISC:ADV-2006-3730 URL:~~http://www.vupen.com/english/advisories/2006/3730~~ (Obsolete source) MISC:ADV-2006-3748 URL:~~http://www.vupen.com/english/advisories/2006/3748~~ (Obsolete source) MISC:ADV-2006-3793 URL:~~http://www.vupen.com/english/advisories/2006/3793~~ (Obsolete source) MISC:ADV-2006-3899 URL:~~http://www.vupen.com/english/advisories/2006/3899~~ (Obsolete source) MISC:ADV-2006-3936 URL:~~http://www.vupen.com/english/advisories/2006/3936~~ (Obsolete source) MISC:ADV-2006-4205 URL:~~http://www.vupen.com/english/advisories/2006/4205~~ (Obsolete source) MISC:ADV-2006-4206 URL:~~http://www.vupen.com/english/advisories/2006/4206~~ (Obsolete source) MISC:ADV-2006-4207 URL:~~http://www.vupen.com/english/advisories/2006/4207~~ (Obsolete source) MISC:ADV-2006-4216 URL:~~http://www.vupen.com/english/advisories/2006/4216~~ (Obsolete source) MISC:ADV-2006-4327 URL:~~http://www.vupen.com/english/advisories/2006/4327~~ (Obsolete source) MISC:ADV-2006-4329 URL:~~http://www.vupen.com/english/advisories/2006/4329~~ (Obsolete source) MISC:ADV-2006-4366 URL:~~http://www.vupen.com/english/advisories/2006/4366~~ (Obsolete source) MISC:ADV-2006-4417 URL:~~http://www.vupen.com/english/advisories/2006/4417~~ (Obsolete source) MISC:ADV-2006-4586 URL:~~http://www.vupen.com/english/advisories/2006/4586~~ (Obsolete source) MISC:ADV-2006-4744 URL:~~http://www.vupen.com/english/advisories/2006/4744~~ (Obsolete source) MISC:ADV-2006-4750 URL:~~http://www.vupen.com/english/advisories/2006/4750~~ (Obsolete source) MISC:ADV-2006-5146 URL:~~http://www.vupen.com/english/advisories/2006/5146~~ (Obsolete source) MISC:ADV-2007-0254 URL:~~http://www.vupen.com/english/advisories/2007/0254~~ (Obsolete source) MISC:ADV-2007-0343 URL:~~http://www.vupen.com/english/advisories/2007/0343~~ (Obsolete source) MISC:ADV-2007-1401 URL:~~http://www.vupen.com/english/advisories/2007/1401~~ (Obsolete source) MISC:ADV-2007-1815 URL:~~http://www.vupen.com/english/advisories/2007/1815~~ (Obsolete source) MISC:ADV-2007-1945 URL:~~http://www.vupen.com/english/advisories/2007/1945~~ (Obsolete source) MISC:ADV-2007-2163 URL:~~http://www.vupen.com/english/advisories/2007/2163~~ (Obsolete source) MISC:ADV-2007-2315 URL:~~http://www.vupen.com/english/advisories/2007/2315~~ (Obsolete source) MISC:ADV-2007-2783 URL:~~http://www.vupen.com/english/advisories/2007/2783~~ (Obsolete source) MISC:ADV-2007-4224 URL:~~http://www.vupen.com/english/advisories/2007/4224~~ (Obsolete source) MISC:ADV-2008-0905 URL:~~http://www.vupen.com/english/advisories/2008/0905/references~~ (Obsolete source) MISC:ADV-2010-0366 URL:~~http://www.vupen.com/english/advisories/2010/0366~~ (Obsolete source) MISC:APPLE-SA-2006-11-28 URL:http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html MISC:APPLE-SA-2007-12-14 URL:http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html MISC:BEA07-169.00 URL:~~http://dev2dev.bea.com/pub/advisory/238~~ (Obsolete source - check if archived by the Wayback Machine) MISC:DSA-1173 URL:http://www.us.debian.org/security/2006/dsa-1173 MISC:DSA-1174 URL:http://www.debian.org/security/2006/dsa-1174 MISC:FreeBSD-SA-06:19 URL:http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc MISC:GLSA-200609-05 URL:http://security.gentoo.org/glsa/glsa-200609-05.xml MISC:GLSA-200609-18 URL:http://security.gentoo.org/glsa/glsa-200609-18.xml MISC:GLSA-200610-06 URL:http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml MISC:GLSA-201408-19 URL:http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml MISC:HPSBMA02250 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 MISC:HPSBOV02683 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 MISC:HPSBTU02207 URL:https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 MISC:HPSBUX02153 URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 MISC:HPSBUX02165 URL:http://www.securityfocus.com/archive/1/450327/100/0/threaded MISC:HPSBUX02186 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 MISC:HPSBUX02219 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495 MISC:JVN#51615542 URL:http://jvn.jp/en/jp/JVN51615542/index.html MISC:JVNDB-2012-000079 URL:http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html MISC:MDKSA-2006:161 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:161~~ (Obsolete source) MISC:MDKSA-2006:177 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:177~~ (Obsolete source) MISC:MDKSA-2006:178 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:178~~ (Obsolete source) MISC:MDKSA-2006:207 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:207~~ (Obsolete source) MISC:OpenPKG-SA-2006.018 URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html MISC:OpenPKG-SA-2006.029 URL:http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html MISC:RHSA-2006:0661 URL:http://www.redhat.com/support/errata/RHSA-2006-0661.html MISC:RHSA-2007:0062 URL:http://www.redhat.com/support/errata/RHSA-2007-0062.html MISC:RHSA-2007:0072 URL:http://www.redhat.com/support/errata/RHSA-2007-0072.html MISC:RHSA-2007:0073 URL:http://www.redhat.com/support/errata/RHSA-2007-0073.html MISC:RHSA-2008:0629 URL:http://www.redhat.com/support/errata/RHSA-2008-0629.html MISC:SSA:2006-257-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306 MISC:SSA:2006-310-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955 MISC:SSRT061181 URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 MISC:SSRT061213 URL:https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 MISC:SSRT061239 URL:https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 MISC:SSRT061266 URL:http://www.securityfocus.com/archive/1/450327/100/0/threaded MISC:SSRT061273 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495 MISC:SSRT061275 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 MISC:SSRT071299 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 MISC:SSRT071304 URL:https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 MISC:SSRT090208 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 MISC:SUSE-SA:2006:055 URL:http://www.novell.com/linux/security/advisories/2006_55_ssl.html MISC:SUSE-SA:2006:061 URL:http://www.novell.com/linux/security/advisories/2006_61_opera.html MISC:SUSE-SA:2007:010 URL:http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html MISC:SUSE-SR:2006:026 URL:http://www.novell.com/linux/security/advisories/2006_26_sr.html MISC:TA06-333A URL:http://www.us-cert.gov/cas/techalerts/TA06-333A.html MISC:USN-339-1 URL:http://www.ubuntu.com/usn/usn-339-1 MISC:VU#845620 URL:http://www.kb.cert.org/vuls/id/845620 MISC:[3.9] 20060908 011: SECURITY FIX: September 8, 2006 URL:http://www.openbsd.org/errata.html MISC:[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised] URL:http://marc.info/?l=bind-announce&m=116253119512445&w=2 MISC:[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error URL:http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html MISC:[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues URL:http://lists.vmware.com/pipermail/security-announce/2008/000008.html MISC:http://docs.info.apple.com/article.html?artnum=304829 URL:http://docs.info.apple.com/article.html?artnum=304829 MISC:http://docs.info.apple.com/article.html?artnum=307177 URL:http://docs.info.apple.com/article.html?artnum=307177 MISC:http://openvpn.net/changelog.html URL:http://openvpn.net/changelog.html MISC:http://support.attachmate.com/techdocs/2127.html URL:http://support.attachmate.com/techdocs/2127.html MISC:http://support.attachmate.com/techdocs/2128.html URL:http://support.attachmate.com/techdocs/2128.html MISC:http://support.attachmate.com/techdocs/2137.html URL:http://support.attachmate.com/techdocs/2137.html MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm MISC:http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf URL:http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf MISC:http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html URL:http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html MISC:http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/ URL:http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/ MISC:http://www.openoffice.org/security/cves/CVE-2006-4339.html URL:http://www.openoffice.org/security/cves/CVE-2006-4339.html MISC:http://www.openssl.org/news/secadv_20060905.txt URL:http://www.openssl.org/news/secadv_20060905.txt MISC:http://www.opera.com/support/search/supsearch.dml?index=845 URL:http://www.opera.com/support/search/supsearch.dml?index=845 MISC:http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html URL:http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html MISC:http://www.serv-u.com/releasenotes/ URL:http://www.serv-u.com/releasenotes/ MISC:http://www.sybase.com/detail?id=1047991 URL:http://www.sybase.com/detail?id=1047991 MISC:http://www.vmware.com/security/advisories/VMSA-2008-0005.html URL:http://www.vmware.com/security/advisories/VMSA-2008-0005.html MISC:http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html URL:http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html MISC:http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html URL:http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html MISC:http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html URL:http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html MISC:http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html URL:http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html MISC:http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html URL:http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html MISC:http://www.vmware.com/support/player/doc/releasenotes_player.html URL:http://www.vmware.com/support/player/doc/releasenotes_player.html MISC:http://www.vmware.com/support/player2/doc/releasenotes_player2.html URL:http://www.vmware.com/support/player2/doc/releasenotes_player2.html MISC:http://www.vmware.com/support/server/doc/releasenotes_server.html URL:http://www.vmware.com/support/server/doc/releasenotes_server.html MISC:http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html URL:http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html MISC:http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html URL:http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html MISC:http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html URL:http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html MISC:http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html URL:http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html MISC:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 URL:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 MISC:https://issues.rpath.com/browse/RPL-1633 URL:https://issues.rpath.com/browse/RPL-1633 MISC:https://issues.rpath.com/browse/RPL-616 URL:https://issues.rpath.com/browse/RPL-616 MISC:https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html URL:https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html MISC:openssl-rsa-security-bypass(28755) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/28755 MISC:oval:org.mitre.oval:def:11656 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656
Assigning CNA
Red Hat, Inc.
Date Record Created
20060824	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060824)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)